TW202145042A - Method and apparatus for encrypting and decrypting physical address information - Google Patents

Method and apparatus for encrypting and decrypting physical address information Download PDF

Info

Publication number
TW202145042A
TW202145042A TW109122196A TW109122196A TW202145042A TW 202145042 A TW202145042 A TW 202145042A TW 109122196 A TW109122196 A TW 109122196A TW 109122196 A TW109122196 A TW 109122196A TW 202145042 A TW202145042 A TW 202145042A
Authority
TW
Taiwan
Prior art keywords
mentioned
host
hpb
item
physical
Prior art date
Application number
TW109122196A
Other languages
Chinese (zh)
Other versions
TWI747351B (en
Inventor
陳瑜達
Original Assignee
慧榮科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 慧榮科技股份有限公司 filed Critical 慧榮科技股份有限公司
Application granted granted Critical
Publication of TWI747351B publication Critical patent/TWI747351B/en
Publication of TW202145042A publication Critical patent/TW202145042A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method and an apparatus for encrypting and decrypting physical address information. The method is performed by a flash controller to include: receiving a read command requesting for physical block addresses (PBAs) corresponding to a logical block address (LBA) range from a host side; reading the PBAs corresponding to the LBA range from a flash device; arranging the PBAs into entries; encrypting the content of each entry by using an encryption algorithm and an encryption parameter to obtain encrypted entries; and transmitting the encrypted entries to the host side. By encrypting entries including PBA information, it prevents illegal persons from spying on the PBA information with the host side to know internal data management of a device side.

Description

加密和解密實體位址資訊的方法及裝置Method and apparatus for encrypting and decrypting physical address information

本發明涉及儲存裝置,尤指一種加密和解密實體位址資訊的方法及裝置。The present invention relates to a storage device, in particular to a method and device for encrypting and decrypting physical address information.

閃存通常分為NOR閃存與NAND閃存。NOR閃存為隨機存取裝置,中央處理器(Host)可於位址腳位上提供任何存取NOR閃存的位址,並及時地從NOR閃存的資料腳位上獲得儲存於該位址上的資料。相反地,NAND閃存並非隨機存取,而是序列存取。NAND閃存無法像NOR閃存一樣,可以存取任何隨機位址,中央處理器反而需要寫入序列的位元組(Bytes)的值到NAND閃存中,用於定義請求命令(Command)的類型(如,讀取、寫入、抹除等),以及用在此命令上的位址。位址可指向一個頁面(閃存中寫入作業的最小資料塊)或一個區塊(閃存中抹除作業的最小資料塊)。Flash memory is usually divided into NOR flash memory and NAND flash memory. NOR flash memory is a random access device. The central processing unit (Host) can provide any address for accessing NOR flash memory on the address pin, and obtain the data stored at the address from the data pin of NOR flash memory in time. material. In contrast, NAND flash memory is not random access, but sequential access. NAND flash memory cannot access any random address like NOR flash memory. Instead, the central processor needs to write the value of the sequence of bytes (Bytes) into the NAND flash memory to define the type of request command (Command) (such as , read, write, erase, etc.), and the address used on this command. The address can point to a page (the smallest block of data in flash for write operations) or a block (the smallest block of data in flash for erase operations).

為了提昇閃存模組的資料寫入及讀取效能,裝置端會以多個通道並行地執行資料寫入及讀取。為了達成並行處理的目的,一段連續性的資料會分散地儲存到多個通道所連接的閃存單元,並使用邏輯實體對照表(Logical-to-physical,L2P Mapping Table)紀錄使用者資料的邏輯位址(由主機端管理)與實體位址(由閃存控制器管理)間的對應關係。更進一步地,在新的規範中,閃存控制器能夠將邏輯位址與實體位址間的對應關係整理成主機性能增強器項目(Host Performance Booster,HPB Entries)的格式並提供給主機端。之後,主機端可從HPB項目中取出需要的實體位址,並且將實體位址攜帶在發送給裝置端的HPB讀取命令中,使得閃存控制器可直接從閃存模組的實體位址讀取使用者資料並回覆給主機端,而不需要像以前一樣得花費時間和運算資源從閃存模組讀取邏輯實體對照表並進行邏輯實體位址轉換。然而,HPB項目的實體位址都是以明碼的方式儲存,讓不法人員可通過主機端窺探實體位址來知道裝置端的內部資料管理方式,並且使用不正當手段來取得敏感資料(例如,系統或管理資料)。因此,本發明提出一種加密和解密實體位址資訊的方法及裝置,用於提昇資料安全性。In order to improve the data writing and reading performance of the flash memory module, the device side performs data writing and reading in parallel with multiple channels. In order to achieve the purpose of parallel processing, a continuous piece of data will be distributed to the flash memory cells connected to multiple channels, and a logical-to-physical (L2P Mapping Table) will be used to record the logical bits of user data. The correspondence between addresses (managed by the host side) and physical addresses (managed by the flash controller). Furthermore, in the new specification, the flash memory controller can organize the correspondence between logical addresses and physical addresses into the format of Host Performance Booster (HPB Entries) and provide it to the host. After that, the host side can take out the required physical address from the HPB project, and carry the physical address in the HPB read command sent to the device side, so that the flash memory controller can directly read and use the physical address from the flash memory module. The user data is returned to the host, without the need to spend time and computing resources to read the logical entity comparison table from the flash memory module and perform logical entity address conversion as before. However, the physical addresses of the HPB project are stored in clear code, so that illegal persons can spy on the physical addresses on the host side to know the internal data management method on the device side, and use improper means to obtain sensitive information (for example, system or management data). Therefore, the present invention proposes a method and apparatus for encrypting and decrypting physical address information for improving data security.

有鑑於此,如何減輕或消除上述相關領域的缺失,實為有待解決的問題。In view of this, how to alleviate or eliminate the above-mentioned deficiencies in related fields is a problem to be solved.

本說明書涉及一種加密和解密實體位址資訊的方法,由閃存控制器執行,包含:從主機端接收到讀取命令,請求獲取相應於一段邏輯區塊位址區間的多個實體區塊位址;從閃存裝置讀取相應於邏輯區塊位址區間的實體區塊位址;將實體區塊位址編排入多個項目;使用加密演算法和加密參數加密每個項目的內容以獲得加密後項目;以及傳送加密後項目給主機端。This specification relates to a method for encrypting and decrypting physical address information, which is executed by a flash memory controller, including: receiving a read command from a host, requesting to obtain a plurality of physical block addresses corresponding to a logical block address range ; read the physical block address corresponding to the logical block address interval from the flash memory device; program the physical block address into a plurality of items; encrypt the content of each item using an encryption algorithm and encryption parameters to obtain encrypted project; and transmitting the encrypted project to the host.

本說明書另涉及一種加密和解密實體位址資訊的裝置,包含:控制邏輯;主機介面;和處理單元。處理單元用於通過主機介面從主機端接收到讀取命令,請求獲取相應於一段邏輯區塊位址區間的多個實體區塊位址;通過控制邏輯從閃存裝置讀取第一表,第一表包含相應於邏輯區塊位址區間的實體區塊位址;將實體區塊位址編排入多個項目;使用加密演算法和加密參數加密每個項目的內容以獲得加密後項目;以及通過主機介面傳送加密後項目給主機端。The present specification also relates to an apparatus for encrypting and decrypting physical address information, comprising: control logic; a host interface; and a processing unit. The processing unit is used to receive a read command from the host through the host interface, and request to obtain a plurality of physical block addresses corresponding to a logical block address range; read the first table from the flash memory device through the control logic, the first The table contains physical block addresses corresponding to logical block address ranges; program physical block addresses into multiple items; encrypt the content of each item using an encryption algorithm and encryption parameters to obtain encrypted items; and pass The host interface transmits the encrypted item to the host.

每個實體區塊位址指出邏輯區塊位址區間中的特定邏輯區塊位址的使用者資料實際儲存在閃存裝置中的哪裡。Each physical block address indicates where in the logical block address range the user data for that particular logical block address is actually stored in the flash memory device.

上述實施例的優點之一,通過加密包含實體區塊位址的項目能夠防止不法人員通過主機端窺探實體位址來知道裝置端的內部資料管理方式。One of the advantages of the above embodiment is that by encrypting the item including the physical block address, it can prevent illegal persons from knowing the internal data management mode of the device side by snooping on the physical address on the host side.

本發明的其他優點將搭配以下的說明和圖式進行更詳細的解說。Other advantages of the present invention will be explained in more detail in conjunction with the following description and drawings.

以下說明為完成發明的較佳實現方式,其目的在於描述本發明的基本精神,但並不用以限定本發明。實際的發明內容必須參考之後的權利要求範圍。The following description is a preferred implementation manner to complete the invention, and its purpose is to describe the basic spirit of the invention, but it is not intended to limit the invention. Reference must be made to the scope of the following claims for the actual inventive content.

必須了解的是,使用於本說明書中的“包含”、“包括”等詞,用以表示存在特定的技術特徵、數值、方法步驟、作業處理、元件以及/或組件,但並不排除可加上更多的技術特徵、數值、方法步驟、作業處理、元件、組件,或以上的任意組合。It must be understood that the words "comprising" and "including" used in this specification are used to indicate the existence of specific technical features, values, method steps, operation processes, elements and/or components, but do not exclude the possibility of adding More technical features, values, method steps, job processes, elements, components, or any combination of the above.

於權利要求中使用如“第一”、“第二”、“第三”等詞是用來修飾權利要求中的元件,並非用來表示之間具有優先順序,前置關係,或者是一個元件先於另一個元件,或者是執行方法步驟時的時間先後順序,僅用來區別具有相同名字的元件。The use of words such as "first", "second", "third", etc. in the claims is used to modify the elements in the claims, and is not used to indicate that there is a priority order, a preceding relationship between them, or an element Prior to another element, or chronological order in which method steps are performed, is only used to distinguish elements with the same name.

必須了解的是,當元件描述為“連接”或“耦接”至另一元件時,可以是直接連結、或耦接至其他元件,可能出現中間元件。相反地,當元件描述為“直接連接”或“直接耦接”至另一元件時,其中不存在任何中間元件。使用來描述元件之間關係的其他語詞也可類似方式解讀,例如“介於”相對於“直接介於”,或者是“鄰接”相對於“直接鄰接”等等。It must be understood that when an element is described as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, and intervening elements may be present. In contrast, when an element is described as being "directly connected" or "directly coupled" to another element, there are no intervening elements present. Other words used to describe the relationship between elements can also be read in a similar fashion, such as "between" versus "directly interposed," or "adjacent" versus "directly adjoining," and the like.

參考圖1。電子裝置10包含主機裝置(又可稱主機端)110、閃存控制器130及閃存裝置150,並且閃存控制器130及閃存裝置150可合稱為裝置端(Device Side)。電子裝置10可實施於個人電腦、筆記型電腦(Laptop PC)、平板電腦、手機、數位相機、數位攝影機等電子產品之中。主機裝置110與閃存控制器130的主機介面(Host Interface)131可以通用快閃記憶儲存(Universal Flash Storage,UFS)等通訊協定彼此溝通。雖然以下實施例描述了UFS規範的主機性能增強器(Host Performance Booster,HPB)的功能,但所屬技術領域人員可將本發明應用到其他規範的類似功能中,本發明並不因此受限。閃存控制器130的控制邏輯139與閃存裝置150可以雙倍資料率(Double Data Rate,DDR)通訊協定彼此溝通,例如,開放NAND快閃介面(Open NAND Flash Interface,ONFI)、雙倍資料率開關(DDR Toggle)或其他通訊協定。閃存控制器130包含處理單元134,可使用多種方式實施,如使用通用硬體(例如,微控制單元、中央處理器、具平行處理能力的多處理器、圖形處理器或其他具運算能力的處理器),並且在執行軟體以及/或韌體指令時,提供之後描述的功能。處理單元134通過主機介面131接收HPB命令,例如HPB讀取命令(HPB READ Command)、HPB讀取緩衝器命令(HPB READ BUFFER Command)、HPB寫入緩衝器命令(HPB WRITE BUFFER Command)等,並執行這些命令。閃存控制器130包含隨機存取記憶體(Random Access Memory, RAM)136,可實施為動態隨機存取記憶體(Dynamic Random Access Memory,DRAM)、靜態隨機存取記憶體(Static Random Access Memory,SRAM)或上述兩者的結合,用於配置空間作為資料緩衝區。隨機存取記憶體136另可儲存執行過程中需要的資料,例如,變數、資料表等。閃存控制器130包含唯讀記憶體(Read Only Memory, ROM)135,用於儲存開機時需要執行的程式碼。控制邏輯139包含NAND閃存控制器(NAND Flash Controller,NFC),提供存取閃存裝置150時需要的功能,例如命令序列器(Command Sequencer)、低密度奇偶校驗(Low Density Parity Check,LDPC)等。Refer to Figure 1. The electronic device 10 includes a host device (also referred to as a host side) 110 , a flash memory controller 130 and a flash memory device 150 , and the flash controller 130 and the flash memory device 150 may be collectively referred to as a device side. The electronic device 10 can be implemented in electronic products such as personal computers, notebook computers (Laptop PCs), tablet computers, mobile phones, digital cameras, and digital video cameras. The host device 110 and the host interface (Host Interface) 131 of the flash controller 130 can communicate with each other through a communication protocol such as Universal Flash Storage (UFS). Although the following embodiments describe the function of the Host Performance Booster (HPB) of the UFS specification, those skilled in the art can apply the present invention to similar functions of other specifications, and the present invention is not limited thereby. The control logic 139 of the flash memory controller 130 and the flash memory device 150 can communicate with each other through a Double Data Rate (DDR) protocol, such as Open NAND Flash Interface (ONFI), a double data rate switch (DDR Toggle) or other protocols. The flash controller 130 includes a processing unit 134, which may be implemented using a variety of means, such as using general-purpose hardware (eg, a microcontroller, a central processing unit, a multiprocessor with parallel processing capabilities, a graphics processor, or other computationally capable processors). device) and, when executing software and/or firmware instructions, provide the functionality described later. The processing unit 134 receives HPB commands, such as an HPB read command (HPB READ Command), an HPB read buffer command (HPB READ BUFFER Command), an HPB write buffer command (HPB WRITE BUFFER Command), etc. through the host interface 131 , and Execute these commands. The flash memory controller 130 includes a random access memory (Random Access Memory, RAM) 136, which can be implemented as a dynamic random access memory (DRAM), a static random access memory (SRAM) ) or a combination of the two above for configuration space as a data buffer. The random access memory 136 can also store data required in the execution process, such as variables, data tables, and the like. The flash controller 130 includes a Read Only Memory (ROM) 135 for storing program codes that need to be executed when booting. The control logic 139 includes a NAND Flash Controller (NFC), which provides functions required for accessing the flash device 150, such as Command Sequencer (Command Sequencer), Low Density Parity Check (LDPC), etc. .

閃存控制器130包含編碼解碼器(Coder-decoder,Codec)138,為一種專用硬體,包含用於加密原始HPB項目的編碼邏輯;以及將加密內容解密的解碼邏輯,用於還原原始的HPB項目。以下段落將詳述編碼解碼器138的結構、功能以及與其他元件間互動的細節。The flash controller 130 includes a codec (Coder-decoder, Codec) 138, which is a dedicated hardware, including encoding logic for encrypting the original HPB item; and decoding logic for decrypting the encrypted content, for restoring the original HPB item . The following paragraphs will detail the structure, function, and interaction of codec 138 with other components.

閃存控制器130中可配置匯流排架構(Bus Architecture)132,用於讓元件之間彼此耦接以傳遞資料、位址、控制訊號等,這些元件包含主機介面131、處理單元134、ROM 135、RAM 136、編碼解碼器138、控制邏輯139等。在一些實施例中,主機介面131、處理單元134、ROM 135、RAM 136、編碼解碼器138與控制邏輯139可通過單一匯流排彼此耦接。在另一些實施例中,閃存控制器130中可配置高速匯流排,用於讓處理單元134、編碼解碼器138與RAM 136彼此耦接,並且配置低速匯流排,用於讓處理單元134、編碼解碼器138、主機介面131與控制邏輯139彼此耦接。匯流排包含並行的物理線,連接閃存控制器130中兩個以上的組件。A bus architecture (Bus Architecture) 132 can be configured in the flash memory controller 130 for coupling elements to each other to transmit data, addresses, control signals, etc. These elements include a host interface 131, a processing unit 134, a ROM 135, RAM 136, codec 138, control logic 139, etc. In some embodiments, host interface 131, processing unit 134, ROM 135, RAM 136, codec 138, and control logic 139 may be coupled to each other through a single bus. In other embodiments, a high-speed bus may be configured in the flash controller 130 for coupling the processing unit 134, the codec 138, and the RAM 136 to each other, and a low-speed bus may be configured for the processing unit 134, the codec The decoder 138, the host interface 131 and the control logic 139 are coupled to each other. The bus bars contain parallel physical lines that connect more than two components in the flash controller 130 .

閃存裝置150提供大量的儲存空間,通常是數百個千兆位元組(Gigabytes,GB),甚至是數個兆兆位元組(Terabytes,TB),用於儲存大量的使用者資料,例如高解析度圖片、影片等。閃存裝置150中包含控制電路以及記憶體陣列,記憶體陣列中的記憶單元可包含單層式單元(Single Level Cells,SLCs)、多層式單元(Multiple Level Cells,MLCs)三層式單元(Triple Level Cells,TLCs)、四層式單元(Quad-Level Cells,QLCs)或上述的任意組合。處理單元134通過控制邏輯139寫入使用者資料到閃存裝置150中的指定位址(目的位址),以及從閃存裝置150中的指定位址(來源位址)讀取使用者資料和L2P對照表中的指定部分。控制邏輯139使用數個電子訊號來協調閃存控制器130與閃存裝置150間的資料與命令傳遞,包含資料線(Data Line)、時脈訊號(Clock Signal)與控制訊號(Control Signal)。資料線可用於傳遞命令、位址、讀出及寫入的資料;控制訊號線可用於傳遞晶片致能(Chip Enable,CE)、位址提取致能(Address Latch Enable,ALE)、命令提取致能(Command Latch Enable,CLE)、寫入致能(Write Enable,WE)等控制訊號。The flash memory device 150 provides a large amount of storage space, usually hundreds of gigabytes (Gigabytes, GB), or even several terabytes (Terabytes, TB), for storing large amounts of user data, such as High-resolution pictures, videos, etc. The flash memory device 150 includes a control circuit and a memory array. The memory cells in the memory array may include Single Level Cells (SLCs), Multiple Level Cells (MLCs), Triple Level Cells (Triple Level Cells) Cells, TLCs), Quad-Level Cells (Quad-Level Cells, QLCs), or any combination of the above. The processing unit 134 writes the user data to the designated address (destination address) in the flash memory device 150 through the control logic 139, and reads the user data and L2P comparison from the designated address (source address) in the flash memory device 150 specified section in the table. The control logic 139 uses several electronic signals to coordinate data and command transfer between the flash controller 130 and the flash device 150 , including a data line, a clock signal, and a control signal. Data lines can be used to transmit commands, addresses, read and written data; control signal lines can be used to transmit Chip Enable (CE), Address Latch Enable (ALE), Command Latch Enable Can (Command Latch Enable, CLE), write enable (Write Enable, WE) and other control signals.

在另一些實施例中,參考圖2,電子裝置20包含修改過的閃存控制器230,其中不包含如圖1所示的編碼解碼器138。在閃存控制器230中,編碼解碼器138的功能可以軟體或韌體指令代替,並且在處理單元134載入並執行這些指令時完成加密原始的HPB項目,以及解密被加密過的內容,用於還原原始的HPB項目。換句話說,圖1包含了使用硬體來加密和解密的解決方案,而圖2包含了使用軟體來加密和解密的解決方案。In other embodiments, referring to FIG. 2 , the electronic device 20 includes a modified flash controller 230 that does not include the codec 138 shown in FIG. 1 . In the flash controller 230, the functions of the codec 138 can be replaced by software or firmware instructions, and when the processing unit 134 loads and executes these instructions, encrypting the original HPB item and decrypting the encrypted content is done for Restore the original HPB project. In other words, Figure 1 contains a solution that uses hardware to encrypt and decrypt, while Figure 2 contains a solution that uses software to encrypt and decrypt.

參考圖3,閃存裝置150中的介面151可包含四個輸出入通道(I/O channels,以下簡稱通道)CH#0至CH#3,每一個通道連接四個NAND閃存單元,例如,通道CH#0連接NAND閃存單元153#0、153#4、153#8及153#12。每個NAND閃存單元可封裝為獨立的芯片(die)。控制邏輯139可通過介面151發出致能訊號CE#0至CE#3中的一個來致能NAND閃存單元153#0至153#3、153#4至153#7、153#8至153#11、或153#12至153#15,接著以並行的方式從致能的NAND閃存單元讀取使用者資料,或者寫入使用者資料至致能的NAND閃存單元。Referring to FIG. 3 , the interface 151 in the flash memory device 150 may include four I/O channels (hereinafter referred to as channels) CH#0 to CH#3, each of which is connected to four NAND flash memory cells, for example, channel CH #0 connects NAND flash memory cells 153#0, 153#4, 153#8 and 153#12. Each NAND flash memory cell can be packaged as an independent die. The control logic 139 can issue one of the enable signals CE#0 to CE#3 through the interface 151 to enable the NAND flash memory cells 153#0 to 153#3, 153#4 to 153#7, 153#8 to 153#11 , or 153#12 to 153#15, and then read user data from the enabled NAND flash memory cells in parallel, or write user data to the enabled NAND flash memory cells.

由於一段連續性的資料(也就是一段連續邏輯位址的資料)被分散地儲存到多個通道所連接的閃存單元,閃存控制器130使用邏輯實體對照表(Logical-to-physical,L2P Mapping Table)紀錄使用者資料的邏輯位址(由主機裝置110管理)與實體位址(由閃存控制器130管理)間的對應關係。L2P對照表也可稱為主機閃存對照表(Host-to-flash,H2F Mapping Table)。H2F對照表包含多筆紀錄,依邏輯位址的順序儲存每個邏輯位址的使用者資料實際儲存在哪個實體位址的資訊。然而,由於RAM 136無法提供足夠空間儲存整個H2F對照表以供處理單元134將來於資料讀取操作時快速查找,H2F對照表可切成多個第一表(Table 1,又可稱為T1表),並儲存在非揮發性的閃存裝置150,使得將來於資料讀取操作時只要從閃存裝置150讀取相應的T1表至RAM 136。參考圖4,整個H2F對照表可切成T1表430#0~430#15。處理單元134更維護第二表(Table 2,又可稱為T2表)410,包含多個紀錄,依邏輯位址的順序儲存每段邏輯位址區段關聯的T1表的實體位址資訊。例如,第0個至第4095個邏輯區塊位址(Logical Block Addresses,LBAs)的關聯T1表430#0儲存在特定邏輯單元號(Logical Unit Number,LUN)的特定實體塊中(字母”Z”可代表LUN和實體塊的編號)的第0個實體頁面,第4096個至第8191個LBA的關聯T1表430#1儲存在特定LUN的特定實體塊中的第1個實體頁面,依此類推。雖然圖4中只包含16個T1表,但是所屬技術領域的技術人員可因應閃存裝置150的容量,設置更多的T1表,本發明並不因此侷限。Since a continuous piece of data (that is, a piece of data with a continuous logical address) is distributed and stored in the flash memory cells connected to multiple channels, the flash memory controller 130 uses a logical-to-physical (L2P Mapping Table) table. ) records the correspondence between the logical address (managed by the host device 110 ) and the physical address (managed by the flash controller 130 ) of the user data. The L2P comparison table may also be referred to as a host-to-flash comparison table (Host-to-flash, H2F Mapping Table). The H2F comparison table contains multiple records, which store the information of the physical address where the user data of each logical address is actually stored in the order of the logical addresses. However, since the RAM 136 cannot provide enough space to store the entire H2F comparison table for the processing unit 134 to quickly look up the data reading operation in the future, the H2F comparison table can be divided into multiple first tables (Table 1, also known as T1 table) ), and stored in the non-volatile flash memory device 150 , so that in the future data read operations only need to read the corresponding T1 table from the flash memory device 150 to the RAM 136 . Referring to Figure 4, the entire H2F comparison table can be cut into T1 tables 430#0~430#15. The processing unit 134 further maintains a second table (Table 2, also referred to as a T2 table) 410, which includes a plurality of records, and stores the physical address information of the T1 table associated with each logical address segment in the order of logical addresses. For example, the associated T1 table 430#0 of the 0th to 4095th Logical Block Addresses (LBAs) is stored in a specific physical block (the letter "Z") of a specific Logical Unit Number (LUN) " can represent the number of the LUN and the physical block) of the 0th physical page, the associated T1 table 430#1 of the 4096th to 8191st LBAs is stored in the 1st physical page of a specific physical block of a specific LUN, and so on analogy. Although only 16 T1 tables are included in FIG. 4 , those skilled in the art can set more T1 tables according to the capacity of the flash memory device 150 , and the present invention is not limited thereto.

每個T1表所需的空間可以為4KB、8KB、16KB等。每個T1表依照LBA的順序儲存相應於每一個LBA的實體位址資訊,而每一個LBA對應到一個固定大小的實體儲存空間,例如4KB。參考圖5,舉例來說,T1表430#0依序儲存從LBA#0至LBA#4095的實體位址資訊。實體位址資訊530可以四個位元組表示:前二個位元組530-0紀錄實體塊編號(Physical Block Number);後二個位元組530-1紀錄實體頁面編號(Physical Page Number)。舉例來說,相應於LBA#2的實體位址資訊530可指向實體塊310#1中的實體頁面510。位元組530-0紀錄實體塊310#1的編號,位元組530-1紀錄實體頁面510的編號。The space required for each T1 table can be 4KB, 8KB, 16KB, etc. Each T1 table stores the physical address information corresponding to each LBA according to the LBA order, and each LBA corresponds to a fixed-size physical storage space, such as 4KB. Referring to FIG. 5, for example, T1 table 430#0 stores physical address information from LBA#0 to LBA#4095 in sequence. The physical address information 530 can be represented by four bytes: the first two bytes 530-0 record the physical block number (Physical Block Number); the last two bytes 530-1 record the physical page number (Physical Page Number) . For example, physical address information 530 corresponding to LBA#2 may point to physical page 510 in physical block 310#1. The byte 530-0 records the number of the physical block 310#1, and the byte 530-1 records the number of the physical page 510.

參考圖6,在HPB規範中,主機端110在其系統記憶體(System Memory)中配置空間作為HPB快取600,用於暫存由裝置端維護的H2F對照表的資訊。HPB快取600儲存多個從裝置端接收的HPB項目(HPB Entries),每個HPB項目紀錄相應於一個LBA的實體位址的資訊。接著,主機端110可發出攜帶HPB項目的HPB讀取命令給裝置端,用於取得指定LBA的使用者資料。裝置端可直接根據HPB項目中的資訊來驅動控制邏輯139從閃存裝置150讀取指定LBA的使用者資料,而不需要像以前一樣得花費時間和運算資源從閃存裝置150讀取H2F對照表並進行邏輯實體位址轉換後才能從閃存裝置150讀取指定LBA的使用者資料。針對HPB快取600的建立和運用,可分為三個階段:Referring to FIG. 6 , in the HPB specification, the host 110 configures space in its system memory as the HPB cache 600 for temporarily storing the information of the H2F comparison table maintained by the device. The HPB cache 600 stores a plurality of HPB entries (HPB Entries) received from the device, and each HPB entry records information corresponding to a physical address of an LBA. Next, the host side 110 may issue an HPB read command carrying the HPB item to the device side for obtaining the user data of the designated LBA. The device side can directly drive the control logic 139 to read the user data of the specified LBA from the flash memory device 150 according to the information in the HPB item, without the need to spend time and computing resources reading the H2F comparison table from the flash memory device 150 as before. The user data of the designated LBA can be read from the flash memory device 150 only after the logical physical address translation is performed. The establishment and application of HPB cache 600 can be divided into three stages:

階段I(HBP初始化):主機端110向裝置端(詳細來說是閃存控制器130)請求取得其裝置能力並且組態HBP功能,包含HPB模式(Mode)等。Phase I (HBP initialization): The host side 110 requests the device side (specifically, the flash controller 130 ) to obtain its device capabilities and configure HBP functions, including HPB mode (Mode).

階段II(L2P快取管理):主機端110在系統記憶體中配置空間作為HPB快取600,用於儲存HPB項目。主機端110可在組態好的模式下於需要的時間點發送HPB讀取緩衝器命令(HPB READ BUFFER Command)給閃存控制器130,用於從裝置端載入指定的HPB項目。接著,主機端110將這些HPB項目儲存在HPB快取600中的一個或多個子區(Sub-Regions)。在HPB規範中,每個邏輯單元(例如區段,Partition)的LBAs分為多個HPB區域,而每個HPB區域可更細分為多個子區。例如,HPB快取600可包含N個HPB區域,而每個HPB區域可包含L個子區,其中變數”N”和”L”為正整數,用於儲存一段LBA區間的HPB項目。HPB快取600的劃分範例如表1所示: 表1 HPB子區#0     HPB區域#0 HPB子區#1 HPB區#L-1     … HPB子區#0     HPB區域#N-1 HPB子區#1 HPB區#L-1 在一些實施例中,區域和子區可設定為擁有32MB的空間,也就是說,每個區域只包含一個子區。在另一些實施例中,區域可設定為擁有32MB的空間,而子區可設定為擁有4MB、8MB或16MB的空間。也就是說,每個區域可包含八個、四個或二個子區。Phase II (L2P cache management): The host 110 allocates space in the system memory as the HPB cache 600 for storing HPB items. The host 110 can send an HPB read buffer command (HPB READ BUFFER Command) to the flash controller 130 at a required time point in the configured mode, so as to load the specified HPB item from the device. Next, the host 110 stores the HPB items in one or more sub-regions (Sub-Regions) in the HPB cache 600 . In the HPB specification, the LBAs of each logical unit (eg, Partition) are divided into multiple HPB regions, and each HPB region can be further subdivided into multiple sub-regions. For example, the HPB cache 600 may include N HPB regions, and each HPB region may include L subregions, wherein the variables "N" and "L" are positive integers for storing HPB entries of an LBA interval. The division example of HPB cache 600 is shown in Table 1: Table 1 HPB subarea #0 HPB area #0 HPB sub-region #1 HPB District #L-1 HPB subarea #0 HPB area #N-1 HPB sub-region #1 HPB District #L-1 In some embodiments, regions and subregions can be set to have 32MB of space, that is, each region contains only one subregion. In other embodiments, regions may be configured to have 32MB of space, while sub-regions may be configured to have 4MB, 8MB or 16MB of space. That is, each area may contain eight, four or two sub-areas.

階段III(HPB讀取命令):主機端110在HPB快取600的HPB項目中搜索包含欲讀取LBA的資料的實體區塊位址(Physical Block Addresses,PBAs)的HPB項目。接著,主機端110發送HPB讀取命令(HPB READ Command)給閃存控制器130,其中除了LBA、傳輸長度(TRANSFER LENGTH)等資訊外還包含HPB項目,用於從裝置端獲取指定的使用者資料。Phase III (HPB read command): The host 110 searches the HPB entries in the HPB cache 600 for HPB entries containing physical block addresses (PBAs) of the data to be read from the LBA. Next, the host side 110 sends an HPB read command (HPB READ Command) to the flash memory controller 130 , which includes HPB items in addition to the LBA, TRANSFER LENGTH and other information, for obtaining the specified user data from the device side .

然而,以往通常以明碼的方式在HPB項目中包含PBA的資訊,讓不法人員可通過主機端110窺探PBA的資訊來知道裝置端的內部資料管理方式,並且使用不正當手段來取得敏感資料(例如,系統或管理資料)。However, in the past, the PBA information was usually included in the HPB project in clear code, so that the unscrupulous person could spy on the PBA information through the host 110 to know the internal data management method of the device, and use improper means to obtain sensitive data (for example, system or management data).

HPB規範定義了兩種取得HPB項目的模式:主機控制模式(Host Control Mode)和裝置控制模式(Device Control Mode)。主機控制模式由主機端110觸發,決定哪些HPB子區需要儲存在HPB快取600;而裝置控制模式則由快閃控制器130觸發,決定哪些HPB子區需要儲存在HPB快取600。所屬技術領域人員理解,本發明實施例涵蓋這兩種或其他類似的控制模式。The HPB specification defines two modes for obtaining HPB items: Host Control Mode and Device Control Mode. The host control mode is triggered by the host 110 to determine which HPB subareas need to be stored in the HPB cache 600 ; and the device control mode is triggered by the flash controller 130 to determine which HPB subareas need to be stored in the HPB cache 600 . Those skilled in the art understand that the embodiments of the present invention cover these two or other similar control modes.

參考如圖7所示應用在主機控制模式的操作順序圖,詳細說明如下:Referring to the operation sequence diagram applied in the host control mode as shown in Figure 7, the detailed description is as follows:

操作711:主機端110決定哪些子區即將要啟動(Activated)。Operation 711: The host 110 determines which sub-regions are about to be activated (Activated).

操作713:主機端110發送HPB讀取緩衝器命令給閃存控制器130,向閃存控制器130請求決定子區的HPB項目。HPB讀取緩衝器命令可包含10個位元組,其中第0個位元組紀錄操作碼(Operation Code)“F9h”、第2和第3個位元組紀錄即將啟動HPB區域的資訊以及第4和第5個位元組紀錄即將啟動子區的資訊。Operation 713: The host 110 sends an HPB read buffer command to the flash controller 130, and requests the flash controller 130 to determine the HPB entry of the subarea. The HPB read buffer command can contain 10 bytes, of which the 0th byte records the operation code (Operation Code) "F9h", the 2nd and 3rd bytes record the information about the HPB area to be activated, and the first byte The 4th and 5th bytes record the information about the subarea to be activated.

操作715:閃存控制器130從閃存裝置150讀取特定部分的H2F對照表,把讀取的對照資訊編排成HPB項目。為了避免HPB項目中的PBA資訊被不法人員窺探而了解資料儲存的內部管理方式,閃存控制器130加密HPB項目的內容。以下段落將更詳細說明此步驟的讀取操作。Operation 715: The flash controller 130 reads the H2F comparison table of a specific part from the flash memory device 150, and arranges the read comparison information into HPB items. In order to prevent the PBA information in the HPB project from being snooped on by illegal personnel to understand the internal management mode of data storage, the flash controller 130 encrypts the content of the HPB project. The following paragraphs describe the read operation for this step in more detail.

操作717:閃存控制器130傳送資料輸入UFS協議資訊單元(DATA IN UFS Protocol Information Unit,UPIU)給主機端110,其中包含決定子區的HPB項目的加密內容,而不是明碼。Operation 717 : The flash controller 130 transmits a DATA IN UFS Protocol Information Unit (UPIU) to the host 110 , which contains the encrypted content of the HPB entry that determines the sub-region, instead of clear text.

操作719:主機端110儲存接收到的已加密HPB項目到HPB快取600中的啟動子區。Operation 719 : The host 110 stores the received encrypted HPB entry into the promoter region in the HPB cache 600 .

操作731:主機端110決定哪些區域即將要關閉(Deactivated)。在這裡需要注意的是,在HPB規範中,啟動是以子區為單位,而關閉是以區域為單位,主機端110可依據其演算法的需求決定要啟動的子區以及要關閉的區域。Operation 731 : The host 110 determines which regions are about to be deactivated. It should be noted here that in the HPB specification, startup is based on sub-areas, and shutdown is in units of regions. The host 110 can determine the sub-region to be activated and the region to be closed according to the requirements of its algorithm.

操作733:主機端110發送HPB寫入緩衝器命令(HPB WRITE BUFFER command)給閃存控制器130,向閃存控制器130通知關閉決定的區域。HPB讀取緩衝器命令可包含10個位元組,其中第0個位元組紀錄操作碼“FAh”並且在第2和第3個位元組紀錄即將關閉區域的資訊。Operation 733: The host side 110 sends an HPB write buffer command (HPB WRITE BUFFER command) to the flash memory controller 130, and notifies the flash memory controller 130 of the area determined to be closed. The HPB read buffer command may contain 10 bytes, wherein the 0th byte records the opcode "FAh" and the 2nd and 3rd bytes record the information of the area to be closed.

操作735:閃存控制器130關閉區域。舉例而言,閃存控制器130在將HPB項目傳送給主機端110之後,閃存控制器130可針對已啟動的子區對主機端110後續之讀取命令的讀取流程執行優化運作,而在收到主機端110關閉區域的通知後,閃存控制器130即可終止相應於關閉區域的相關優化運作。Operation 735: The flash controller 130 closes the region. For example, after the flash memory controller 130 transmits the HPB item to the host side 110, the flash memory controller 130 can perform an optimization operation on the read process of the subsequent read command from the host side 110 for the activated sub-area, and then After the host 110 is notified of the closed area, the flash controller 130 can terminate the relevant optimization operation corresponding to the closed area.

操作751:閃存控制器130在執行完主機寫入命令、主機抹除命令或背景操作(例如垃圾回收、磨耗平均、讀取回收、讀取刷新等程序)後,更新H2F對照表的內容,其中包含相應於啟動子區的內容。Operation 751: After executing the host write command, host erase command or background operation (such as garbage collection, wear leveling, read recovery, read refresh, etc.), the flash memory controller 130 updates the content of the H2F comparison table, wherein Contains content corresponding to the promoter region.

操作753:閃存控制器130傳送回覆UFS協議資訊單元(RESPONSE UPIU)給主機端110,其中包含建議主機端110更新上述子區的HPB項目的資訊。Operation 753 : The flash controller 130 transmits a reply UFS protocol information unit (RESPONSE UPIU) to the host 110 , which includes information suggesting that the host 110 update the HPB entry of the sub-region.

操作755和757:主機端110發送HPB讀取緩衝器命令給閃存控制器130,向閃存控制器130請求建議子區的HPB項目。Operations 755 and 757: The host side 110 sends the HPB read buffer command to the flash controller 130, and requests the flash controller 130 for the HPB entry of the proposed subarea.

操作771:閃存控制器130從閃存裝置150讀取特定部分的H2F對照表,把讀取的對照資訊編排成HPB項目。同樣的,閃存控制器130亦加密HPB項目的內容。以下段落將更詳細說明此步驟的讀取操作。Operation 771: The flash memory controller 130 reads the H2F comparison table of a specific part from the flash memory device 150, and arranges the read comparison information into HPB items. Likewise, the flash controller 130 also encrypts the contents of the HPB entry. The following paragraphs describe the read operation for this step in more detail.

操作773:閃存控制器130傳送資料輸入UPIU給主機端110,其中包含更新子區的HPB項目的加密內容,而不是明碼。Operation 773: The flash controller 130 transmits the data input UPIU to the host side 110, which contains the encrypted content of the HPB entry of the update subarea instead of clear text.

操作775:主機端110將接收到的已加密HPB項目覆寫掉HPB快取600的啟動子區中的內容。Operation 775 : the host 110 overwrites the content in the promoter region of the HPB cache 600 with the received encrypted HPB entry.

參考如圖8所示應用在裝置控制模式的操作順序圖,詳細說明如下:Referring to the operation sequence diagram applied in the device control mode as shown in Figure 8, the detailed description is as follows:

操作811:閃存控制器130決定哪些子區即將要啟動和/或哪些區域即將關閉。Operation 811: The flash controller 130 decides which sub-regions are about to be powered on and/or which regions are about to be powered off.

操作813:閃存控制器130傳送回覆UPIU給主機端110,其中建議主機端110啟動上述子區和/或關閉上述區域。Operation 813: The flash controller 130 transmits a reply UPIU to the host side 110, wherein the host side 110 is advised to activate the above-mentioned sub-area and/or close the above-mentioned area.

操作815:如果需要,主機端110從系統記憶體中捨棄那些不再有效的HPB區域的HPB項目。Operation 815: If necessary, the host 110 discards the HPB entries of those HPB regions that are no longer valid from the system memory.

操作831:如果需要,主機端110發送HPB讀取緩衝器命令給閃存控制器130,向閃存控制器130請求建議子區的HPB項目。Operation 831 : If necessary, the host side 110 sends an HPB read buffer command to the flash controller 130 to request the flash controller 130 for the HPB item of the proposed subarea.

操作833:閃存控制器130從閃存裝置150讀取特定部分的H2F對照表,把讀取的對照資訊編排成HPB項目。同樣的,閃存控制器130亦加密HPB項目的內容。以下段落將更詳細說明此步驟的讀取操作。Operation 833: The flash controller 130 reads the H2F comparison table of a specific part from the flash memory device 150, and arranges the read comparison information into HPB items. Likewise, the flash controller 130 also encrypts the contents of the HPB entry. The following paragraphs describe the read operation for this step in more detail.

操作835:閃存控制器130傳送資料輸入UPIU給主機端110,其中包含相應於上述子區的HPB項目的加密內容,而不是明碼。Operation 835: The flash controller 130 transmits the data input UPIU to the host 110, which contains the encrypted content of the HPB entry corresponding to the above-mentioned sub-area, instead of clear text.

操作837:主機端110儲存接收到的已加密HPB項目到HPB快取600中的啟動子區。Operation 837 : The host 110 stores the received encrypted HPB entry into the promoter region in the HPB cache 600 .

關於讀取操作715、771或833的技術細節可參考如圖9所示的HPB項目產生方法的流程圖,此方法由處理單元134於載入並執行相關軟體或韌體程式碼時實施,進一步說明如下:For the technical details of the read operation 715, 771 or 833, please refer to the flowchart of the HPB item generation method shown in FIG. 9. This method is implemented by the processing unit 134 when the relevant software or firmware code is loaded and executed, and further described as follows:

步驟S910:通過主機介面131從主機端110接收到如上所述的HPB讀取緩衝器命令,其中包含即將啟動子區的資訊。HPB讀取緩衝器命令向閃存控制器130請求讀取一段LBA區間的PBA。Step S910 : Receive the above-mentioned HPB read buffer command from the host terminal 110 through the host interface 131 , which includes the information of the subarea to be activated. The HPB read buffer command requests the flash controller 130 to read a PBA of an LBA interval.

步驟S920:通過控制邏輯139從閃存裝置150讀取相應於啟動子區的特定T1表和T2表。Step S920 : Read the specific T1 table and T2 table corresponding to the promoter region from the flash memory device 150 through the control logic 139 .

步驟S930:根據T1表和T2表的內容編排HPB項目。所屬技術領域技術人員理解HPB規範的每個HPB項目的長度(例如8位元組)可能大於T1表中紀錄的關聯於每個LBA的實體位址資訊的長度(例如4位元組)。因此,在一些實施例中,除了每個LBA的實體位址資訊(也就是T1表中紀錄的此LBA的PBA資訊)外,處理單元134可在HPB項目的剩餘空間添加虛假值(Dummy Values)來填滿HPB項目。在另一些實施例中,除了每個LBA的實體位址資訊外,處理單元134依據不同的系統需要在HPB項目的剩餘空間添加其他資訊,用於加速將來的HPB讀取操作。Step S930: Arrange HPB items according to the contents of the T1 table and the T2 table. Those skilled in the art understand that the length (eg, 8 bytes) of each HPB entry of the HPB specification may be larger than the length (eg, 4 bytes) of the physical address information associated with each LBA recorded in the T1 table. Therefore, in some embodiments, in addition to the physical address information of each LBA (that is, the PBA information of the LBA recorded in the T1 table), the processing unit 134 may add dummy values (Dummy Values) to the remaining space of the HPB entry. to fill the HPB project. In other embodiments, in addition to the physical address information of each LBA, the processing unit 134 adds other information to the remaining space of the HPB item according to different system requirements, so as to speed up future HPB read operations.

在一些實施例中,處理單元134可在每個8位元組的HPB項目填入4位元組的T1表的相應PBA資訊和4位元組的T2表的相應PBA資訊。T1表的PBA資訊指出關聯於特定LBA實際存在閃存裝置150中的何處的資訊,而T2表的PBA資訊指出此T1表實際存在閃存裝置150中的何處的資訊。T2表的PBA資訊可在將來被裝置端檢查是否此HPB項目無效。如果將來從HPB讀取命令中獲得的HPB項目所包含的T2表的PBA資訊不符合相應T1表實際儲存在閃存裝置150的位址時,處理單元134判定此HPB項目是無效的。HPB項目的範例如表2所示: 表2 HPB項目編號 T2表的PBA資訊 (4位元組) T1表的PBA資訊 (4位元組) 0 0x00004030 0x0000A000 1 0x00004030 0x0000A001 2 0x00004030 0x0000A002 3 0x00004030 0x0000A003 4 0x00004030 0x0000A004 5 0x00004030 0x0000A005 6 0x00004030 0x0000B009 7 0x00004030 0x0000A007 8 0x00004030 0x0000A008 9 0x00004030 0x0000A009 10 0x00004030 0x0000A00A 11 0x00004030 0x0000B00A 12 0x00004030 0x0000A00C In some embodiments, the processing unit 134 may populate each octet of HPB entries with corresponding PBA information of the 4-byte T1 table and corresponding PBA information of the 4-byte T2 table. The PBA information of the T1 table indicates the information associated with where in the flash memory device 150 a particular LBA is actually stored, and the PBA information of the T2 table indicates the information of where in the flash memory device 150 this T1 table is actually stored. The PBA information of the T2 table can be checked by the device in the future whether the HPB entry is invalid. If the PBA information of the T2 table included in the HPB entry obtained from the HPB read command in the future does not match the address of the corresponding T1 table actually stored in the flash memory device 150, the processing unit 134 determines that the HPB entry is invalid. Examples of HPB projects are shown in Table 2: Table 2 HPB item number PBA information of T2 table (4 bytes) PBA information for T1 table (4 bytes) 0 0x00004030 0x0000A000 1 0x00004030 0x0000A001 2 0x00004030 0x0000A002 3 0x00004030 0x0000A003 4 0x00004030 0x0000A004 5 0x00004030 0x0000A005 6 0x00004030 0x0000B009 7 0x00004030 0x0000A007 8 0x00004030 0x0000A008 9 0x00004030 0x0000A009 10 0x00004030 0x0000A00A 11 0x00004030 0x0000B00A 12 0x00004030 0x0000A00C

在另一些實施例中,處理單元134可在每個8位元組的HPB項目填入28位元的T1表的相應PBA資訊、24位元的T2表的相應PBA資訊和12位元的連續長度(Continuous Length)。連續長度指出在此LBA之後有多少個LBA的資料是連續性地儲存在閃存裝置150中的實體位址。所以,一個HPB項目能夠表達T1表中多個連續PBA的資訊。HPB項目的範例如表3所示: 表3 HPB項目編號 連續長度(12位元) T2表的PBA資訊(24位元) T1表的PBA資訊(28位元) 0 0x5 0x004030 0x000A000 1 0x4 0x004030 0x000A001 2 0x3 0x004030 0x000A002 3 0x2 0x004030 0x000A003 4 0x1 0x004030 0x000A004 5 0x0 0x004030 0x000A005 6 0x0 0x004030 0x000B009 7 0x3 0x004030 0x000A007 8 0x2 0x004030 0x000A008 9 0x1 0x004030 0x000A009 10 0x0 0x004030 0x000A00A 11 0x0 0x004030 0x000B00A 12 0x3 0x004030 0x000A00C 13 0x2 0x004030 0x000A00D 14 0x1 0x004030 0x000A00E 15 0x0 0x004030 0x000A00F 假設表3中的第0個HPB項目關聯於LBA”0x001000”:第0個HPB項目指出在LBA”0x001000”之後有五個LBA的使用者資料是連續性地儲存在閃存裝置150中的實體位址。詳細來說,LBA”0x001000”至LBA”0x001005”的資料分別儲存在閃存裝置150中的PBA”0x00A000”至PBA”0x00A005”。處理單元134將來能夠根據第0個HPB項目中攜帶的資訊讀取六個LBA”0x001000”至”0x001005”的使用者資料。如果HPB讀取命令指出欲讀取的LBA為”0x001000”並且傳輸長度小於或等於”6”時,處理單元134不需要再從閃存裝置150中讀取對應部分的H2F對照表。In other embodiments, the processing unit 134 may fill in the corresponding PBA information of the 28-bit T1 table, the corresponding PBA information of the 24-bit T2 table, and the 12-bit continuous Length (Continuous Length). The continuation length indicates how many LBAs following the LBA are consecutively stored in the physical addresses of the flash memory device 150 . Therefore, one HPB entry can express information for multiple consecutive PBAs in the T1 table. Examples of HPB projects are shown in Table 3: Table 3 HPB item number Consecutive length (12 bits) PBA information for T2 form (24 bits) PBA information for T1 form (28 bits) 0 0x5 0x004030 0x000A000 1 0x4 0x004030 0x000A001 2 0x3 0x004030 0x000A002 3 0x2 0x004030 0x000A003 4 0x1 0x004030 0x000A004 5 0x0 0x004030 0x000A005 6 0x0 0x004030 0x000B009 7 0x3 0x004030 0x000A007 8 0x2 0x004030 0x000A008 9 0x1 0x004030 0x000A009 10 0x0 0x004030 0x000A00A 11 0x0 0x004030 0x000B00A 12 0x3 0x004030 0x000A00C 13 0x2 0x004030 0x000A00D 14 0x1 0x004030 0x000A00E 15 0x0 0x004030 0x000A00F Assuming that the 0th HPB entry in Table 3 is associated with the LBA "0x001000": the 0th HPB entry indicates that the user data of five LBAs after the LBA "0x001000" are physical bits continuously stored in the flash memory device 150 site. Specifically, the data of LBA "0x001000" to LBA "0x001005" are stored in PBA "0x00A000" to PBA "0x00A005" in the flash memory device 150, respectively. In the future, the processing unit 134 can read the user data of the six LBAs "0x001000" to "0x001005" according to the information carried in the 0th HPB entry. If the HPB read command indicates that the LBA to be read is "0x001000" and the transfer length is less than or equal to "6", the processing unit 134 does not need to read the corresponding part of the H2F comparison table from the flash memory device 150.

在更另一些實施例中,處理單元134可在每個8位元組的HPB項目填入28位元的T1表的相應PBA資訊、24位元的T2表的相應PBA資訊和12位元的連續位元表(Continuous Bit Table)。連續位元表用來表示此LBA的多個後續LBA(例如,12個後續LBA)的PBA連續性。例如,12個位元分別相應於12個後續LBA。HPB項目的範例如表4所示: 表4 HPB項目編號 連續位元表(12位元) T2表的PBA資訊(24位元) T1表的PBA資訊(28位元) 0 0xBDF (101111011111) 0x004030 0x000A000 1 0xDEF (110111101111) 0x004030 0x000A001 2 0xEF7 (111011110111) 0x004030 0x000A002 3 0xF7B (111101111011) 0x004030 0x000A003 4 0x004030 0x000A004 假設表4中的第0個HPB項目關聯於LBA”0x001000”: 第0個HPB項目的連續位元表指出LBA”0x001001”至”0x00100C”的PBA連續性。理想情況下,LBA”0x001001”至”0x00100C”的資料應該要分別儲存在閃存裝置150的PBA”0x000A001”至”0x000A00C”。每個位元的值為”0”時代表相應LBA的資料沒有儲存在理想的PBA,而每個位元的值為”1”時代表相應LBA的資料儲存在理想的PBA。所以,依據第0個HPB項目,處理單元134將來能夠預測連續位元為”1”的PBA並從閃存裝置150的PBA讀取LBA的資料,但忽略連續位元為”0”的PBA。舉例來說,如果主機裝置110發送HPB讀取命令,其中的參數攜帶第0個HPB項目並且傳輸長度為”9”,用於請求LBA”0x001000”至”0x001008”的使用者資料。處理單元134獲取HPB讀取命令的第0個HPB項目中的連續位元表,並且在解碼連續位元表後預測出LBA”0x001000”至”0x001005”及LBA”0x001007”至”0x001008”的資料實際儲存在閃存裝置150的PBA,而不需要從閃存裝置150載入H2F對照表。在只有少數斷點的案例中,能夠減少從閃存裝置150載入T1表的特定PBA資訊的次數。In still other embodiments, the processing unit 134 may fill in the corresponding PBA information of the 28-bit T1 table, the corresponding PBA information of the 24-bit T2 table, and the corresponding PBA information of the 12-bit T2 table in each 8-byte HPB entry. Continuous Bit Table. The contiguous bit table is used to represent the PBA continuity of multiple subsequent LBAs (eg, 12 subsequent LBAs) of this LBA. For example, 12 bits respectively correspond to 12 subsequent LBAs. Examples of HPB projects are shown in Table 4: Table 4 HPB item number Consecutive bit table (12 bits) PBA information for T2 form (24 bits) PBA information for T1 form (28 bits) 0 0xBDF (101111011111) 0x004030 0x000A000 1 0xDEF (110111101111) 0x004030 0x000A001 2 0xEF7 (111011110111) 0x004030 0x000A002 3 0xF7B (111101111011) 0x004030 0x000A003 4 0x004030 0x000A004 Assuming that the 0th HPB entry in Table 4 is associated with the LBA "0x001000": The contiguous bit table of the 0th HPB entry indicates the PBA continuity of LBAs "0x001001" to "0x00100C". Ideally, the data of LBA "0x001001" to "0x00100C" should be stored in PBA "0x000A001" to "0x000A00C" of flash device 150, respectively. When the value of each bit is "0", it means that the data of the corresponding LBA is not stored in the ideal PBA, and when the value of each bit is "1", it means that the data of the corresponding LBA is stored in the ideal PBA. Therefore, according to the 0th HPB entry, the processing unit 134 can predict PBAs with consecutive bits of "1" in the future and read LBA data from the PBA of the flash device 150, but ignore PBAs with consecutive bits of "0". For example, if the host device 110 sends an HPB read command, the parameter carries the 0th HPB entry and the transmission length is "9", which is used to request the user data of LBA "0x001000" to "0x001008". The processing unit 134 obtains the consecutive bit table in the 0th HPB entry of the HPB read command, and predicts the data of LBA "0x001000" to "0x001005" and LBA "0x001007" to "0x001008" after decoding the consecutive bit table The PBA actually stored in the flash device 150 does not need to load the H2F lookup table from the flash device 150 . In cases where there are only a few breakpoints, the number of times the specific PBA information of the T1 table is loaded from the flash device 150 can be reduced.

步驟S940:儲存原始HPB項目到RAM 136。參考圖10,RAM 136可配置空間給原始項目區1010,可為一段連續的記憶體位址的空間。處理單元134可依據LBA的順序依序儲存原始HPB項目到RAM 136中的原始項目區1010。Step S940 : Store the original HPB entry in the RAM 136 . Referring to FIG. 10, the RAM 136 may allocate space to the original project area 1010, which may be a space of contiguous memory addresses. The processing unit 134 may sequentially store the original HPB entries to the original entry area 1010 in the RAM 136 according to the order of the LBAs.

步驟S950:加密HPB項目並儲存加密後的HPB項目到RAM 136。參考圖10,RAM 136可配置空間給加密項目區1020,可為一段連續的記憶體位址的空間。在如圖1所示的架構中,處理單元134可設定編碼解碼器138中的寄存器來驅動編碼解碼器138,從RAM 136的原始項目區1010中讀取如上所述HPB項目的內容,依據設定參數對HPB項目加密,並且儲存加密後的HPB項目到RAM 136中的加密項目區1020。編碼解碼器138執行完HPB項目的加密後,發出中斷(Interrupt)給處理單元134,通知加密完成的訊息,使得處理單元134可繼續處理加密後HPB項目。或者是,在如圖2所示的架構中,處理單元134可載入並執行加密模組的程式碼,來完成如上所述的操作。Step S950 : Encrypt the HPB item and store the encrypted HPB item in the RAM 136 . Referring to FIG. 10, RAM 136 may allocate space for encrypted entry area 1020, which may be a space of contiguous memory addresses. In the architecture shown in FIG. 1, the processing unit 134 can set the registers in the codec 138 to drive the codec 138, and read the content of the HPB entry as described above from the original entry area 1010 of the RAM 136, according to the setting The parameters encrypt the HPB entry, and store the encrypted HPB entry in the encrypted entry area 1020 in the RAM 136 . After the codec 138 finishes encrypting the HPB item, it sends an interrupt (Interrupt) to the processing unit 134 to notify the encryption completion message, so that the processing unit 134 can continue to process the encrypted HPB item. Alternatively, in the architecture shown in FIG. 2 , the processing unit 134 can load and execute the code of the encryption module to complete the above-mentioned operations.

可用的加密演算法舉例如下:在一些實施例中,處理單元134或編碼解碼器138將HPB項目的內容向左或向右循環位移n個位元,n代表1到63的的任意整數。在另一些實施例中,處理單元134或編碼解碼器138將HPB項目的內容加上預設的鍵值。在更另一些實施例中,處理單元134或編碼解碼器138將HPB項目的內容和預設的鍵值進行互斥或(Exclusive OR,XOR)運算。在更另一些實施例中,處理單元134或編碼解碼器138以預設規則進行亂序(Randomization)。例如,預設規則可為HPB項目的第i個位元和第63-i個位元交換,i從” 0”到”31”。Examples of available encryption algorithms are as follows: In some embodiments, processing unit 134 or codec 138 cyclically shifts the contents of the HPB entry left or right by n bits, where n represents any integer from 1-63. In other embodiments, the processing unit 134 or the codec 138 adds a preset key value to the content of the HPB item. In other embodiments, the processing unit 134 or the codec 138 performs an exclusive OR (XOR) operation on the content of the HPB item and a preset key value. In still other embodiments, the processing unit 134 or the codec 138 performs randomization according to preset rules. For example, the preset rule may be the i-th bit and the 63-i-th bit swap of the HPB item, i from "0" to "31".

為了更加強資料安全性,一個子區的HPB項目可依據LBA分成數個群,並分別使用不同的加密演算法和相應加密參數加密不同群的HPB項目。HPB項目分群規則範例如下:在一些實施例中, HPB項目關聯的LBA可先除以一個值,並且根據其商數(Quotients)對HPB項目分群。假設此值設為”100”:第一群包含LBA#0~99的HPB項目,第二群包含LBA#100~199的HPB項目,依此類推。在另一些實施例中, HPB項目關聯的LBA可先除以一個值,並且根據其餘數(Remainders)對HPB項目分群。假設此值設為”100”:第一群包含LBA#0、LBA#100、LBA#200等的HPB項目,第二群包含LBA#1、LBA#101、LBA#201等的HPB項目,依此類推。In order to strengthen the data security, the HPB items of a sub-area can be divided into several groups according to the LBA, and use different encryption algorithms and corresponding encryption parameters to encrypt the HPB items of different groups. An example of the HPB item grouping rule is as follows: In some embodiments, the LBA associated with the HPB item may be first divided by a value, and the HPB items are grouped according to their Quotients. Suppose this value is set to "100": the first group contains HPB items of LBA#0~99, the second group contains HPB items of LBA#100~199, and so on. In other embodiments, the LBA associated with the HPB items may be first divided by a value, and the HPB items are grouped according to the remaining numbers (Remainders). Suppose this value is set to "100": the first group contains HPB items such as LBA#0, LBA#100, LBA#200, etc., and the second group contains HPB items such as LBA#1, LBA#101, LBA#201, etc. And so on.

在一些實施例中,不同群的HPB項目可使用相同的加密演算法但分別帶入不同的加密參數。例如,第一群的每個HPB項目的內容向左循環位移1個位元,第二群的每個HPB項目的內容向右循環位移2個位元,第三群的每個HPB項目的內容向左循環位移3個位元,依此類推。或者,第一群的每個HPB項目的內容加上第一值或與第一值進行XOR運算,第二群的每個HPB項目的內容加上第二值或與第二值進行XOR運算,第三群的每個HPB項目的內容加上第三值或與第三值進行XOR運算,依此類推。又或者,第一群的每個HPB項目的內容以第一規則進行亂序,第二群的每個HPB項目的內容以第二規則進行亂序,第三群的每個HPB項目的內容以第三規則進行亂序,依此類推。In some embodiments, different groups of HPB items may use the same encryption algorithm but bring in different encryption parameters. For example, the content of each HPB item of the first group is rotated 1 bit to the left, the content of each HPB item of the second group is rotated 2 bits to the right, and the content of each HPB item of the third group Rotate 3 bits to the left, and so on. Alternatively, the content of each HPB item of the first group is added with the first value or XORed with the first value, and the content of each HPB item of the second group is added with the second value or XORed with the second value, The content of each HPB item of the third group is added to or XORed with the third value, and so on. Or, the content of each HPB item of the first group is shuffled according to the first rule, the content of each HPB item of the second group is shuffled according to the second rule, and the content of each HPB item of the third group is shuffled according to the second rule. The third rule goes out of order, and so on.

在另一些實施例中,不同群的HPB項目可分別使用不同的加密演算法並帶入適當的加密參數。例如,第一群的每個HPB項目的內容向左循環位移n個位元,第二群的每個HPB項目的內容與預設值進行XOR運算,第三群的每個HPB項目的內容加上特定值,第四群的每個HPB項目的內容以預設規則進行亂序,依此類推。In other embodiments, different groups of HPB items may use different encryption algorithms and bring appropriate encryption parameters. For example, the content of each HPB item of the first group is rotated by n bits to the left, the content of each HPB item of the second group is XORed with the preset value, and the content of each HPB item of the third group is added On a specific value, the content of each HPB item of the fourth group is shuffled according to the preset rules, and so on.

在一些實施例中,處理單元134可在RAM 136中儲存群加密對照表(Group-and-encryption Mapping Table),包含多個組態紀錄。每個組態紀錄儲存資訊,指出特定群的HPB項目使用哪個加密演算法及相應加密參數。在另一些實施例中,類似群加密對照表的資訊也可以嵌入在處理單元134執行的程式邏輯中,本發明並不因此受限。In some embodiments, the processing unit 134 may store a Group-and-encryption Mapping Table in the RAM 136, including a plurality of configuration records. Each configuration record stores information indicating which encryption algorithm and corresponding encryption parameters are used by a particular group of HPB items. In other embodiments, the information similar to the group encryption lookup table can also be embedded in the program logic executed by the processing unit 134, and the present invention is not limited thereby.

步驟S960:從RAM 136中的加密項目區1020讀取加密後的HPB項目,並且傳送資料輸入UPIU給主機端110,其中包含加密後的HPB項目。當HPB項目的內容被加密時,不法人員不能夠通過主機端110來理解HPB項目的內容並據以知道裝置端的內部資料管理方式,可以避免不法人員使用不正當手段來取得敏感資料。雖然HPB項目是加密過的,但是主機端110只要將來在HPB讀取命令中攜帶這些加密過的HPB項目,依然可以從裝置端獲取想要的使用者資料。Step S960: Read the encrypted HPB entry from the encrypted entry area 1020 in the RAM 136, and transmit the data input UPIU to the host 110, which contains the encrypted HPB entry. When the content of the HPB item is encrypted, the unscrupulous person cannot understand the content of the HPB item through the host 110 and know the internal data management method of the device side accordingly, which can prevent the unscrupulous person from using improper means to obtain sensitive information. Although the HPB items are encrypted, the host 110 can still obtain the desired user data from the device as long as the encrypted HPB items are carried in the HPB read command in the future.

參考如圖11所示的HPB資料讀取的操作順序圖,詳細說明如下:Referring to the operation sequence diagram of HPB data reading as shown in Figure 11, the detailed description is as follows:

操作1110:主機端110從HPB快取600獲取相應於欲讀取LBA的HPB項目。需要注意的是,這些HPB項目的內容是已經加密過的。Operation 1110 : the host 110 obtains the HPB entry corresponding to the LBA to be read from the HPB cache 600 . It should be noted that the contents of these HPB items are already encrypted.

操作1120:主機端110發送HPB讀取命令給閃存控制器130,向閃存控制器130請求指定LBA的使用者資料,其中包含LBA、傳輸長度和HPB項目。Operation 1120: The host 110 sends an HPB read command to the flash controller 130, and requests the flash controller 130 for the user data of the specified LBA, which includes the LBA, the transfer length and the HPB item.

操作1130:閃存控制器130解密HPB項目的內容,依據HPB項目的T1表的PBA資訊(如果需要的話,加上連續長度或連續位元表)從閃存裝置150讀取請求的使用者資料。Operation 1130: The flash controller 130 decrypts the content of the HPB entry, and reads the requested user data from the flash device 150 according to the PBA information of the T1 table of the HPB entry (plus the run length or run bit table if necessary).

操作1140:閃存控制器130傳送資料輸入UPIU給主機端110,其中包含請求的使用者資料。Operation 1140: The flash controller 130 transmits the data input UPIU to the host 110, which includes the requested user data.

操作1150:主機端110依據作業系統、驅動程式、應用程式等的需要處理這些使用者資料。Operation 1150: The host 110 processes the user data according to the needs of the operating system, drivers, applications, and the like.

關於讀取操作1130的技術細節可參考如圖12所示的資料讀取方法的流程圖,此方法由處理單元134於載入並執行相關軟體或韌體程式碼時實施,進一步說明如下:For the technical details of the reading operation 1130, please refer to the flowchart of the data reading method shown in FIG. 12. This method is implemented by the processing unit 134 when the relevant software or firmware code is loaded and executed, and the further description is as follows:

步驟S1210:通過主機介面131從主機端110收到HPB讀取命令,其中包含LBA、傳輸長度和HPB項目等資訊。參考圖10,RAM 136可配置空間給接收項目區1030,可為一段連續的記憶體位址的空間,用於儲存接收到的HPB項目。Step S1210: Receive an HPB read command from the host 110 through the host interface 131, which includes information such as LBA, transmission length and HPB item. Referring to FIG. 10, the RAM 136 may allocate space to the receiving item area 1030, which may be a space of a continuous memory address for storing the received HPB items.

步驟S1220:如果原來的HPB項目有實施分群加密時,依據HPB讀取命令中的LBA得到其屬於的群。取得LBA所屬群的技術細節可參考步驟S950的說明,為求簡明不再贅述。如果原來的HPB項目沒有實施分群加密,可以忽略此步驟。Step S1220: If the original HPB item has implemented group encryption, the group to which it belongs is obtained according to the LBA in the HPB read command. For the technical details of obtaining the group to which the LBA belongs, reference may be made to the description of step S950, which will not be repeated for brevity. If the original HPB project did not implement cluster encryption, this step can be ignored.

步驟S1230:使用相應的解密演算法和解密參數解密HPB項目。以上所述的解密演算法和解密參數是原來加密HPB項目所使用的加密演算法和加密參數的逆向程序(Reverse Process),用於回復出原始的HPB項目。例如,如果加密演算法將原始HPB項目循環左移2個位元,則解密演算法將加密HPB項目循環右移2個位元。如果加密演算法將原始HPB項目加上特定值,則解密演算法將加密HPB項目減去特定值。如果加密演算法將原始HPB項目與特定值進行XOR運算,則解密演算法將加密HPB項目再進行XOR運算一次。如果加密演算法使用預設規則將原始HPB項目進行亂序,則解密演算法使用預設規則將原始HPB項目進行反亂序。在一些實施例中,如果原來的HPB項目實施分群加密,則處理單元134查找RAM 136中的群加密對照表來獲得此LBA所屬群的加密演算法和加密參數,接著使用相應解密演算法和解密參數進行解密。Step S1230: Decrypt the HPB item using the corresponding decryption algorithm and decryption parameters. The decryption algorithm and decryption parameters described above are the reverse process (Reverse Process) of the encryption algorithm and encryption parameters used to encrypt the original HPB item, and are used to restore the original HPB item. For example, if the encryption algorithm rotates the original HPB item to the left by 2 bits, the decryption algorithm rotates the encrypted HPB item to the right by 2 bits. If the encryption algorithm adds a certain value to the original HPB item, the decryption algorithm will encrypt the HPB item minus the certain value. If the encryption algorithm XORed the original HPB entry with a specific value, the decryption algorithm XORed the encrypted HPB entry one more time. If the encryption algorithm uses the preset rules to shuffle the original HPB items, the decryption algorithm uses the preset rules to unshuffle the original HPB items. In some embodiments, if the original HPB item implements group encryption, the processing unit 134 looks up the group encryption lookup table in the RAM 136 to obtain the encryption algorithm and encryption parameters of the group to which the LBA belongs, and then uses the corresponding decryption algorithm and decryption parameters are decrypted.

參考圖10,RAM 136可配置空間給解密項目區1040,可為一段連續的記憶體位址的空間。在如圖1所示的架構中,處理單元134可設定編碼解碼器138中的寄存器來驅動編碼解碼器138,從RAM 136的接收項目區1030中讀取如上所述HPB項目的內容,依據設定參數對HPB項目解密,並且儲存解密後的HPB項目到RAM 136中的解密項目區1040。編碼解碼器138執行完HPB項目的解密後,發出中斷給處理單元134,通知解密完成的訊息,使得處理單元134可繼續處理解密後HPB項目。或者是,在如圖2所示的架構中,處理單元134可載入並執行解密模組的程式碼,來完成如上所述的操作。Referring to FIG. 10, RAM 136 may allocate space for decryption item area 1040, which may be a space of contiguous memory addresses. In the architecture shown in FIG. 1, the processing unit 134 can set the registers in the codec 138 to drive the codec 138, and read the content of the HPB entry as described above from the receive entry area 1030 of the RAM 136, according to the setting The parameter decrypts the HPB entry and stores the decrypted HPB entry in the decrypted entry area 1040 in the RAM 136 . After the codec 138 finishes decrypting the HPB item, it sends an interrupt to the processing unit 134 to notify the decryption completion message, so that the processing unit 134 can continue to process the decrypted HPB item. Alternatively, in the architecture shown in FIG. 2 , the processing unit 134 can load and execute the code of the decryption module to complete the above-mentioned operations.

步驟S1240:判斷HPB項目是否有效。如果是,則流程繼續進行步驟S1250的處理;否則,繼續進行步驟S1270的處理。如果原始HPB項目中不包含T2表的資訊,則此步驟可以忽略。處理單元134可判斷解密後HPB項目包含的T2表的PBA資訊是否符合相應T1表實際儲存在閃存裝置150的位址,如果符合則代表此HPB項目有效。Step S1240: Determine whether the HPB item is valid. If so, the flow continues to the process of step S1250; otherwise, the process continues to the process of step S1270. This step can be ignored if the original HPB item does not contain T2 form information. The processing unit 134 can determine whether the PBA information of the T2 table included in the decrypted HPB entry matches the address of the corresponding T1 table actually stored in the flash memory device 150 , and if it matches, it means that the HPB entry is valid.

步驟S1250:根據解密後HPB項目的T1表的PBA資訊通過控制邏輯139從閃存裝置150的PBA讀取請求LBA的使用者資料。Step S1250 : Read the user data of the requesting LBA from the PBA of the flash memory device 150 through the control logic 139 according to the PBA information of the T1 table of the decrypted HPB entry.

步驟S1260:通過主機介面131傳送一個或多個資料輸入UPIU給主機端110,其中包含讀出的使用者資料。Step S1260: Send one or more data input UPIUs to the host 110 through the host interface 131, including the read user data.

步驟S1270:通過主機介面131傳送回覆UPIU給主機端110,指出讀取失敗的訊息。在另一些實施例中,回覆UPIU可包含建議主機端110更新相應子區的HPB項目的資訊,使得主機端110能夠開始如上所述的發送操作755和757。Step S1270: Send a reply UPIU to the host 110 through the host interface 131, indicating that the reading fails. In other embodiments, the reply UPIU may include information suggesting that the host 110 update the HPB entry of the corresponding subregion, so that the host 110 can start the sending operations 755 and 757 as described above.

本發明所述的方法中的全部或部分步驟可以計算機指令實現,例如儲存裝置中的韌體轉換層(Firmware Translation Layer,FTL)、特定硬體的驅動程式等。此外,也可實現於其他類型程式。所屬技術領域具有通常知識者可將本發明實施例的方法撰寫成計算機指令,為求簡潔不再加以描述。依據本發明實施例方法實施的計算機指令可儲存於適當的電腦可讀取媒體,例如DVD、CD-ROM、USB碟、硬碟,亦可置於可通過網路(例如,網際網路,或其他適當載具)存取的網路伺服器。All or part of the steps in the method of the present invention can be implemented by computer instructions, such as a firmware translation layer (Firmware Translation Layer, FTL) in a storage device, a driver for a specific hardware, and the like. In addition, it can also be implemented in other types of programs. Those skilled in the art can compose the methods of the embodiments of the present invention into computer instructions, which will not be described for brevity. Computer instructions for implementing methods according to embodiments of the present invention may be stored in a suitable computer-readable medium, such as DVD, CD-ROM, USB disk, hard disk, or may be other suitable vehicles) to access the web server.

雖然圖1至圖3中包含了以上描述的元件,但不排除在不違反發明的精神下,使用更多其他的附加元件,已達成更佳的技術效果。此外,雖然圖9、圖12的流程圖採用指定的順序來執行,但是在不違反發明精神的情況下,熟習此技藝人士可以在達到相同效果的前提下,修改這些步驟間的順序,所以,本發明並不侷限於僅使用如上所述的順序。此外,熟習此技藝人士亦可以將若干步驟整合為一個步驟,或者是除了這些步驟外,循序或平行地執行更多步驟,本發明亦不因此而侷限。Although the above-described elements are included in FIGS. 1 to 3 , it is not excluded that more other additional elements can be used to achieve better technical effects without departing from the spirit of the invention. In addition, although the flowcharts of Fig. 9 and Fig. 12 are executed in the specified order, those skilled in the art can modify the order of these steps under the premise of achieving the same effect without violating the spirit of the invention. Therefore, The present invention is not limited to using only the sequence described above. In addition, those skilled in the art can also integrate several steps into one step, or in addition to these steps, perform more steps sequentially or in parallel, and the present invention is not limited thereby.

雖然本發明使用以上實施例進行說明,但需要注意的是,這些描述並非用以限縮本發明。相反地,此發明涵蓋了熟習此技藝人士顯而易見的修改與相似設置。所以,申請權利要求範圍須以最寬廣的方式解釋來包含所有顯而易見的修改與相似設置。Although the present invention is described using the above embodiments, it should be noted that these descriptions are not intended to limit the present invention. On the contrary, this invention covers modifications and similar arrangements obvious to those skilled in the art. Therefore, the scope of the appended claims is to be construed in the broadest manner so as to encompass all obvious modifications and similar arrangements.

10,20:電子裝置 110:主機端 130,230:閃存控制器 131:主機介面 132:匯流排 134:處理單元 135:唯讀記憶體 136:隨機存取記憶體 138:編碼解碼器 139:控制邏輯 150:閃存裝置 151:介面 153#0~153#15:NAND閃存單元 CH#0~CH#3:通道 CE#0~CE#3:致能訊號 310#1:實體塊 410:T2表 430#0~430#15:T1表 510:實體頁面 530:實體位址資訊 530-0:實體塊編號 530-1:實體頁面編號 600:HPB快取 711~775,811~837,1110~1150:操作 S910~S960,S1210~S1270:方法步驟 1010~1040:記憶體空間10,20: Electronic Devices 110: Host side 130,230: Flash Controller 131:Host Interface 132: Busbar 134: Processing unit 135: read-only memory 136: Random Access Memory 138: Codec 139: Control Logic 150: Flash device 151: Interface 153#0~153#15: NAND flash memory unit CH#0~CH#3: Channel CE#0~CE#3: Enable signal 310#1: Solid Block 410:T2 table 430#0~430#15: T1 table 510: Entity page 530: Physical address information 530-0: Entity block number 530-1: Entity page number 600:HPB cache 711~775, 811~837, 1110~1150: Operation S910~S960, S1210~S1270: method steps 1010~1040: Memory space

圖1和圖2為依據本發明實施例的電子裝置的系統架構圖。1 and 2 are system architecture diagrams of an electronic device according to an embodiment of the present invention.

圖3為依據本發明實施例的閃存裝置的示意圖。FIG. 3 is a schematic diagram of a flash memory device according to an embodiment of the present invention.

圖4為依據本發明實施例的T1表和T2表之間的關聯示意圖。FIG. 4 is a schematic diagram of the association between the T1 table and the T2 table according to an embodiment of the present invention.

圖5為依據本發明實施例的T1表和實體頁面之間的關聯示意圖。FIG. 5 is a schematic diagram of an association between a T1 table and an entity page according to an embodiment of the present invention.

圖6為依據本發明實施例的主機性能增強器(Host Performance Booster,HPB)快取的建立與運用示意圖。FIG. 6 is a schematic diagram of establishment and application of a Host Performance Booster (HPB) cache according to an embodiment of the present invention.

圖7為依據本發明實施例的應用在主機控制模式的操作順序圖。FIG. 7 is an operation sequence diagram of an application in a host control mode according to an embodiment of the present invention.

圖8為依據本發明實施例的應用在裝置控制模式的操作順序圖。FIG. 8 is an operation sequence diagram of an application in a device control mode according to an embodiment of the present invention.

圖9為依據本發明實施例的產生HPB項目的方法流程圖。FIG. 9 is a flowchart of a method for generating an HPB item according to an embodiment of the present invention.

圖10為依據本發明實施例的記憶體空間配置的示意圖。FIG. 10 is a schematic diagram of a memory space configuration according to an embodiment of the present invention.

圖11為依據本發明實施例的HPB資料讀取的操作順序圖。FIG. 11 is an operation sequence diagram of reading HPB data according to an embodiment of the present invention.

圖12為依據本發明實施例的資料讀取的方法流程圖。FIG. 12 is a flowchart of a data reading method according to an embodiment of the present invention.

S910~S960:方法步驟S910~S960: method steps

Claims (13)

一種加密和解密實體位址資訊的方法,由一閃存控制器執行,包含: 從一主機端接收到一第一讀取命令,請求獲取相應於一段邏輯區塊位址區間的多個第一實體區塊位址,其中,每個上述第一實體區塊位址指出上述邏輯區塊位址區間中的一第一邏輯區塊位址的使用者資料實際儲存在一閃存裝置中的哪裡; 從上述閃存裝置讀取相應於上述邏輯區塊位址區間的上述第一實體區塊位址; 將上述第一實體區塊位址編排入多個項目; 使用一加密演算法和一加密參數加密每個上述項目的內容以獲得一加密後項目;以及 傳送上述加密後項目給上述主機端,使得上述主機端能夠發送攜帶上述加密後項目的一第二讀取命令給上述閃存控制器,請求讀取上述加密後項目中的一第二實體區塊位址的一使用者資料。A method of encrypting and decrypting physical address information, executed by a flash memory controller, includes: A first read command is received from a host, requesting to obtain a plurality of first physical block addresses corresponding to a logical block address range, wherein each of the first physical block addresses indicates the logic where the user data of a first logical block address in the block address interval is actually stored in a flash memory device; read the first physical block address corresponding to the logical block address interval from the flash memory device; Arranging the above-mentioned first physical block address into a plurality of items; encrypting the content of each of the above items using an encryption algorithm and an encryption parameter to obtain an encrypted item; and Send the above-mentioned encrypted project to the above-mentioned host terminal, so that the above-mentioned host terminal can send a second read command carrying the above-mentioned encrypted project to the above-mentioned flash memory controller, requesting to read a second physical block bit in the above-mentioned encrypted project A user profile for the address. 如請求項1所述的加密和解密實體位址資訊的方法,包含: 從上述主機端接收上述第二讀取命令; 使用一解密演算法和一解密參數解密上述第二讀取命令中的上述加密後項目以獲得一解密後項目,其中上述解密演算法和上述解密參數是上述加密演算法和上述加密參數的逆向程序; 從上述解密後項目取得上述第二實體區塊位址; 從上述閃存裝置的上述第二實體區塊位址讀取上述使用者資料;以及 傳送上述使用者資料給上述主機端。The method for encrypting and decrypting entity address information as described in claim 1, comprising: Receive the above-mentioned second read command from the above-mentioned host side; Use a decryption algorithm and a decryption parameter to decrypt the encrypted item in the second read command to obtain a decrypted item, wherein the decryption algorithm and the decryption parameter are the reverse procedure of the encryption algorithm and the encryption parameter. ; Obtain the above-mentioned second physical block address from the above-mentioned decrypted project; read the user data from the second physical block address of the flash memory device; and Send the above-mentioned user data to the above-mentioned host. 如請求項1所述的加密和解密實體位址資訊的方法,包含: 將上述項目依據上述第一邏輯區塊位址分成多個群;以及 分別使用多個加密演算法和相應加密參數加密上述群中的上述項目。The method for encrypting and decrypting entity address information as described in claim 1, comprising: dividing the above-mentioned items into a plurality of groups according to the above-mentioned first logical block addresses; and The above items in the above groups are encrypted using a plurality of encryption algorithms and corresponding encryption parameters, respectively. 如請求項3所述的加密和解密實體位址資訊的方法,包含: 紀錄每個群的上述項目使用特定加密演算法和特定加密參數進行加密的資訊。The method for encrypting and decrypting entity address information as described in claim 3, comprising: Record the information that the above items of each group are encrypted using a specific encryption algorithm and specific encryption parameters. 如請求項3所述的加密和解密實體位址資訊的方法,包含: 從上述主機端接收上述第二讀取命令; 取得上述第二讀取命令中攜帶的一第二邏輯區塊位址屬於哪個群的資訊; 使用屬於上述群的一解密演算法和一解密參數解密上述第二讀取命令中的上述加密後項目以獲得一解密後項目,其中上述解密演算法和上述解密參數是上述加密演算法和上述加密參數的逆向程序; 從上述解密後項目取得上述第二實體區塊位址; 從上述閃存裝置的上述第二實體區塊位址讀取上述使用者資料;以及 傳送上述使用者資料給上述主機端。The method for encrypting and decrypting entity address information as described in claim 3, comprising: Receive the above-mentioned second read command from the above-mentioned host side; obtaining information about which group a second logical block address carried in the second read command belongs to; Decrypt the above-mentioned encrypted item in the above-mentioned second read command using a decryption algorithm belonging to the above-mentioned group and a decryption parameter to obtain a decrypted item, wherein the above-mentioned decryption algorithm and the above-mentioned decryption parameter are the above-mentioned encryption algorithm and the above-mentioned encryption Reverse procedure of parameters; Obtain the above-mentioned second physical block address from the above-mentioned decrypted project; read the user data from the second physical block address of the flash memory device; and Send the above-mentioned user data to the above-mentioned host. 一種加密和解密實體位址資訊的裝置,包含: 一控制邏輯,耦接一閃存裝置; 一主機介面,耦接一主機端;以及 一處理單元,耦接上述控制邏輯和上述主機介面,用於通過主機介面從上述主機端接收到一第一讀取命令,請求獲取相應於一段邏輯區塊位址區間的多個第一實體區塊位址,其中,每個上述第一實體區塊位址指出上述邏輯區塊位址區間中的一第一邏輯區塊位址的使用者資料實際儲存在上述閃存裝置中的哪裡;通過上述控制邏輯從上述閃存裝置讀取一第一表,上述第一表包含相應於上述邏輯區塊位址區間的上述第一實體區塊位址;將上述第一實體區塊位址編排入多個項目;使用一加密演算法和一加密參數加密每個上述項目的內容以獲得一加密後項目;以及通過上述主機介面傳送上述加密後項目給上述主機端,使得上述主機端能夠發送攜帶上述加密後項目的一第二讀取命令給上述處理單元,請求讀取上述加密後項目中的一第二實體區塊位址的一使用者資料。A device for encrypting and decrypting physical address information, comprising: a control logic, coupled to a flash memory device; a host interface, coupled to a host; and a processing unit, coupled to the control logic and the host interface, for receiving a first read command from the host through the host interface, requesting to obtain a plurality of first physical areas corresponding to a logical block address range block address, wherein each of the first physical block addresses indicates where the user data of a first logical block address in the logical block address interval is actually stored in the flash memory device; The control logic reads a first table from the flash memory device, the first table includes the first physical block addresses corresponding to the logical block address ranges; and arranges the first physical block addresses into a plurality of project; use an encryption algorithm and an encryption parameter to encrypt the content of each above-mentioned project to obtain an encrypted project; and transmit the above-mentioned encrypted project to the above-mentioned host terminal through the above-mentioned host interface, so that the above-mentioned host terminal can send the encrypted A second read command of the item is given to the processing unit to request to read a user data of a second physical block address in the encrypted item. 如請求項6所述的加密和解密實體位址資訊的裝置,其中上述處理單元通過上述主機介面從上述主機端接收上述第二讀取命令;使用一解密演算法和一解密參數解密上述第二讀取命令中的上述加密後項目以獲得一解密後項目,其中上述解密演算法和上述解密參數是上述加密演算法和上述加密參數的逆向程序;從上述解密後項目取得上述第二實體區塊位址;通過上述控制邏輯從上述閃存裝置的上述第二實體區塊位址讀取上述使用者資料;以及通過上述主機介面傳送上述使用者資料給上述主機端。The device for encrypting and decrypting physical address information according to claim 6, wherein the processing unit receives the second read command from the host through the host interface; decrypts the second read command using a decryption algorithm and a decryption parameter Read the above-mentioned encrypted items in the command to obtain a decrypted item, wherein the above-mentioned decryption algorithm and the above-mentioned decryption parameters are the reverse procedures of the above-mentioned encryption algorithm and the above-mentioned encryption parameters; Obtain the above-mentioned second physical block from the above-mentioned decrypted project address; read the user data from the second physical block address of the flash memory device through the control logic; and transmit the user data to the host through the host interface. 如請求項6所述的加密和解密實體位址資訊的裝置,其中,上述處理單元將上述項目依據上述第一邏輯區塊位址分成多個群;以及分別使用多個加密演算法和相應加密參數加密上述群中的上述項目。The device for encrypting and decrypting physical address information as claimed in claim 6, wherein the processing unit divides the items into a plurality of groups according to the first logical block address; and uses a plurality of encryption algorithms and corresponding encryption algorithms respectively. The parameters encrypt the above items in the above groups. 如請求項8所述的加密和解密實體位址資訊的裝置,其中,上述處理單元紀錄每個群的上述項目使用特定加密演算法和特定加密參數進行加密的資訊。The apparatus for encrypting and decrypting physical address information as claimed in claim 8, wherein the processing unit records the information that the items of each group are encrypted using a specific encryption algorithm and a specific encryption parameter. 如請求項8所述的加密和解密實體位址資訊的裝置,其中,上述處理單元通過上述主機介面從上述主機端接收上述第二讀取命令;取得上述第二讀取命令中攜帶的一第二邏輯區塊位址屬於哪個群的資訊;使用屬於上述群的一解密演算法和一解密參數解密上述第二讀取命令中的上述加密後項目以獲得一解密後項目,其中上述解密演算法和上述解密參數是上述加密演算法和上述加密參數的逆向程序;從上述解密後項目取得上述第二實體區塊位址;通過上述控制邏輯從上述閃存裝置的上述第二實體區塊位址讀取上述使用者資料;以及通過上述主機介面傳送上述使用者資料給上述主機端。The device for encrypting and decrypting physical address information according to claim 8, wherein the processing unit receives the second read command from the host through the host interface; obtains a first read command carried in the second read command Information about which group the two logical block addresses belong to; use a decryption algorithm and a decryption parameter belonging to the group to decrypt the encrypted item in the second read command to obtain a decrypted item, wherein the decryption algorithm And above-mentioned decryption parameter is the reverse procedure of above-mentioned encryption algorithm and above-mentioned encryption parameter; Obtain above-mentioned second physical block address from above-mentioned deciphered project; Read above-mentioned second physical block address from above-mentioned flash memory device through above-mentioned control logic Obtaining the above-mentioned user data; and transmitting the above-mentioned user data to the above-mentioned host through the above-mentioned host interface. 如請求項8所述的加密和解密實體位址資訊的裝置,其中,上述處理單元通過上述主機介面從上述主機端接收上述第二讀取命令;取得上述第二讀取命令中攜帶的一第二邏輯區塊位址屬於哪個群的資訊;使用屬於上述群的一解密演算法和一解密參數解密上述第二讀取命令中的上述加密後項目以獲得一解密後項目,其中上述解密演算法和上述解密參數是上述加密演算法和上述加密參數的逆向程序;從上述解密後項目取得上述第一表的一實體區塊位址;依據上述第一表的上述實體區塊位址判斷上述解密後項目是否有效;當上述解密後項目有效時,通過上述控制邏輯從上述閃存裝置的上述第二實體區塊位址讀取上述使用者資料,並通過上述主機介面傳送上述使用者資料給上述主機端。The device for encrypting and decrypting physical address information according to claim 8, wherein the processing unit receives the second read command from the host through the host interface; obtains a first read command carried in the second read command Information about which group the two logical block addresses belong to; use a decryption algorithm and a decryption parameter belonging to the group to decrypt the encrypted item in the second read command to obtain a decrypted item, wherein the decryption algorithm And above-mentioned decryption parameter is the reverse program of above-mentioned encryption algorithm and above-mentioned encryption parameter; Obtain a physical block address of above-mentioned first table from the above-mentioned after-decryption project; Judge above-mentioned decryption according to the above-mentioned physical block address of above-mentioned first table Whether the latter item is valid; when the decrypted item is valid, read the user data from the second physical block address of the flash memory device through the control logic, and transmit the user data to the host through the host interface end. 如請求項11所述的加密和解密實體位址資訊的裝置,其中,當上述解密後項目無效時,上述處理單元通過上述主機介面傳送讀取失敗的訊息給上述主機端。The device for encrypting and decrypting physical address information according to claim 11, wherein when the decrypted item is invalid, the processing unit transmits a read failure message to the host through the host interface. 如請求項11所述的加密和解密實體位址資訊的裝置,其中,當上述解密後項目無效時,上述處理單元通過上述主機介面建議上述主機端更新一快取中的上述邏輯區塊位址區間的上述第一實體區塊位址。The device for encrypting and decrypting physical address information according to claim 11, wherein when the decrypted item is invalid, the processing unit recommends the host to update the logical block address in a cache through the host interface The above-mentioned first physical block address of the interval.
TW109122196A 2020-05-20 2020-07-01 Method and apparatus for encrypting and decrypting physical address information TWI747351B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202063027429P 2020-05-20 2020-05-20
US63/027,429 2020-05-20

Publications (2)

Publication Number Publication Date
TWI747351B TWI747351B (en) 2021-11-21
TW202145042A true TW202145042A (en) 2021-12-01

Family

ID=78646710

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109122196A TWI747351B (en) 2020-05-20 2020-07-01 Method and apparatus for encrypting and decrypting physical address information

Country Status (2)

Country Link
CN (1) CN113704145B (en)
TW (1) TWI747351B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003027816A1 (en) * 2001-09-28 2003-04-03 High Density Devices As Method and device for encryption/decryption of data on mass storage device
TWI679554B (en) * 2017-03-07 2019-12-11 慧榮科技股份有限公司 Data storage device and operating method therefor
TWI639918B (en) * 2017-05-11 2018-11-01 慧榮科技股份有限公司 Data storage device and operating method therefor
TWI629591B (en) * 2017-08-30 2018-07-11 慧榮科技股份有限公司 Method for accessing flash memory module and associated flash memory controller and electronic device
JP7048411B2 (en) * 2018-05-22 2022-04-05 キオクシア株式会社 Memory system and control method
CN109408403A (en) * 2018-10-12 2019-03-01 深圳市硅格半导体有限公司 Mapping method, device, system and storage medium based on storage equipment bottom

Also Published As

Publication number Publication date
TWI747351B (en) 2021-11-21
CN113704145A (en) 2021-11-26
CN113704145B (en) 2024-02-09

Similar Documents

Publication Publication Date Title
US20190196983A1 (en) Multi-tenant encryption for storage class memory
US11847243B2 (en) Memory system
TW202201214A (en) Memory system and control method
TWI679554B (en) Data storage device and operating method therefor
US8589669B2 (en) Data protecting method, memory controller and memory storage device
KR102188062B1 (en) Method for operating data storage device and method for operating system having the device
US8886963B2 (en) Secure relocation of encrypted files
WO2013130632A1 (en) Using storage controller bus interfaces to secure data transfer between storage devices and hosts
TWI705687B (en) Key management device and processor chip for data encryption/decryption
US11861022B2 (en) Method and computer program product and apparatus for encrypting and decrypting physical-address information
TWI756854B (en) Method and apparatus and computer program product for managing data storage
TW202101236A (en) Method and apparatus for encrypting and decrypting user data
TWI747351B (en) Method and apparatus for encrypting and decrypting physical address information
TWI736000B (en) Data storage device and operating method therefor
TWI775284B (en) Memory system, its control method and information processing system
CN113721838B (en) Write, read data method for memory device, memory controller, and DMA engine
JP2023039697A (en) memory system
TWI731407B (en) Key management device having bypass channels and processor chip
US20240086336A1 (en) Storage device deleting encryption key, method of operating the same, and method of operating electronic device including the same
US11994985B2 (en) Method and apparatus for performing access management of memory device in host performance booster architecture with aid of device side table information encoding and decoding
US11709785B2 (en) Just-in-time post-processing computation capabilities for encrypted data
US11995349B2 (en) Method and apparatus for performing access management of memory device in host performance booster architecture with aid of device side table information encoding and decoding
US20240220667A1 (en) Storage device and computing device including the same
CN117786774A (en) Data protection method, flash memory device controller and flash memory device
CN115408729A (en) Vendor independent facility for a provisioning application to access a secure memory device